Category: crypto

  • Disturbing Apple Trends

    I’ve long been an Apple fan. It is somewhat dissonant with my strong attachment to open-source/free software, but I’ve learned to live with it because I am significantly more productive on Mac OS than on Linux, and I still have to work with plenty of MS Office (and no, Open Office doesn’t cut it.) That […]

  • Open-Audit Voting means a Single Vote Counts

    After an incredibly long and busy week of work for my colleagues Olivier Pereira and Olivier de Marneffe, the UCL election, based on Helios, has been verified and tallied. The trustees arrived earlier today and successfully decrypted the result. Students each got approximately 1/10 of a vote, while Faculty got a full vote. 4000 people […]

  • The Beautiful Magic of Cryptography

    An election just wrapped up a few hours hours ago [public radio, le soir, RTL info]. The encrypted votes are stored in a redundant database, tied to each voter’s identifier, signed by the voting system, and available to all election participants for auditing. Each voter has a receipt of their encrypted vote they can compare […]

  • New Slides Posted

    I’ve posted my talk slides from my voting talk at UCL, and my short voting talk at the Harvard College Fund Assembly. I’ve included copies on Slideshare, which is starting to get interesting. I see that I can create synced audio for these slides…. I need to find time to do that for some of […]

  • More open-audit voting deployment

    Just as we’re wrapping up the verification for UCL‘s test election (powered by Helios) in preparation for their big election in a few days, we get word that the Scantegrity team is going to be used in a real US democratic election. That is fantastic news for the voting community. I hope we continue to […]

  • The Bar of Public Understanding

    I’m in Louvain-la-Neuve at the Université Catholique de Louvain where Helios Voting is being deployed to 25,000 voters, and I just had dinner with Olivier Pereira, the guy who’s doing a fantastic job leading the project here at UCL. We discussed the issue of activists and how they often seem to believe that they know […]

  • On Bad-Faith Mocking of Academic Research

    “This is a matter of how we prioritize the money that we spend […] Where does a lot of that money end up, anyways? […] Sometimes these dollars, they go to projects having little or nothing to do with the public good. Things like fruit fly research in Paris, France.” Sarah Palin, US Vice-Presidential Candidate, […]

  • Helios x 25K @ UCL

    I’m really excited to announce that Helios will power the Recteur election at the Université Catholique de Louvain (UCL), in Belgium. I’ve been working with their team, led by Olivier Pereira and Jean-Jacques Quisquater, for the last 4-5 months to help them evaluate Helios and think about their customization needs. The UCL team is working […]

  • Dan Wallach on Internet Voting

    Dan Wallach strikes again, putting the Estonians on notice regarding their plans to go from bad to worse with mobile-phone-based voting. It’s fascinating to me how most of the world regards Estonia’s high-tech elections as further proof of how technologically advanced Estonia is, while most computer security experts are absolutely petrified. The gap is another […]

  • “You can get the ballots and count them yourself”

    My friend Oliver points me to Humboldt County’s initiative to post publicly all of its cast ballots. The article includes a video of Mitch Trachtenberg explaining how his open-source software package counts scanned images of ballots. “You can get the ballots and count them yourself,” he says. Yes! Fantastic! Nice work Mitch, and nice work […]

  • Dan Wallach on teaching open-audit voting

    Dan Wallach writes about how hard it is to explain the cryptography of verifiable elections: My big question is whether we have a research challenge to invent progressively simpler systems that still have the right security properties, or whether we have an education challenge to explain that a certain amount of complexity is worthwhile for […]

  • Open-Audit Elections featured in Documentary

    Richard Drury recently completed his documentary “Challenges for Democracy”, which covers a number of voting issues. His work is available for sale, so if you support this kind of in-depth reporting, please go buy his DVD! Richard has graciously agreed to release my segment on Open-Audit Elections under a Creative Commons license. Here it is, […]

  • Salon on Voting

    T’is election season, so the press is covering voting. Cyrus again, this time on Salon, and with a fantastic article, and not just because it mentions Helios.

  • The Economist Covers Voting

    The Economist covers voting with cryptography, including some of my work. Good to see folks like the Economist paying attention… although the article misses the big point. Voting with cryptography is not about making your vote more secret. It’s about making your vote more verifiable. For those who advocate traditional paper ballots, the point is […]

  • CRYPTO Rump Session

    The best part of the yearly CRYPTO conference is the Tuesday evening rump session, where I’m at right now. There was the Jean-Jacques Quisquater inimitable spoof presentation on attacking Enigma machines by putting them in the microwave, a fantastic Lessig-presentation-spoof by Hovav Shacham, and much more. It’s easy to forget that most cryptographers have a […]

  • Helios Voting System — Launched!

    I just gave my talk at Usenix Security on Helios, my new web-based voting system that supports cryptographic auditing. Since it’s web-based, you don’t want to use this for elections where coercion is a serious concern. But if you’re running an online election for your club, software community, etc.., it’s perfect. Just go to: […]

  • Benaloh strikes again

    Since I haven’t had the time to write up every talk, I’ll just highlight one talk today that I particularly enjoyed: Josh Benaloh’s paper on achieving both administrative and public verifiability in elections [PDF]. I’m a big fan of Josh’s work. My upcoming voting system implementation, Helios, is based on one of Josh’s earlier protocols. […]

  • Don’t Hash Secrets

    Building secure systems is difficult. It would be nice if we had a bunch of well-designed crypto building blocks that we could assemble in all sorts of ways and be certain that they would, no matter what, yield a secure system overall. There are, in fact, folks working on such things at a theoretical level […]

  • Voting @ Google

    Just before Christmas, I was invited by my friend and colleague Steve Weis to give a talk about voting with cryptography at Google. I’ve done about 10-15 talks of this kind, but this was a fun challenge: a very talented audience with an introductory understanding of cryptography (Steve had given 3 prior lectures on cryptography). […]

  • Of Park Benches, Cardboard Boxes, Armored Cars and Voting

    The Swiss have implemented quantum cryptography to transfer votes to a central tallying authority. This is pretty cool, and I applaud the Swiss for trying new technologies to improve election security. However, marketing this as “unbreakable encryption” is troubling. I can’t help but see this as a version of Gene Spafford’s warning writ large: SSL […]

  • Security Theater and Transparency

    [With apologies to my grandmothers, some of the most insightful people I’ve known.] When you want to build a publicly accountable secure system, must you build to the lowest common denominator? The key example is, of course, voting. It’s clear that you have to build the user interface to the lowest common denominator: given minimal […]

  • Windows Genuine Advantage: Guilty until Proven Innocent

    In cryptographic protocols, we talk about “the adversary”, this entity that’s trying to screw up the security goals of your protocol. Applied security folks also talk about adversaries, though they talk more often about “threats” and “threat models.” In any case, there’s some dark, shadowy, evil figure fighting against you. In a well architectured system, […]

  • Facebook Platform: bad login practices, OpenID doesn’t work

    Facebook launched a platform that lets third-party developers add Facebook applications. This is visionary, and it’s very very cool (though I’m not sure it’s the revolution everyone is talking about.) The problem, of course, is authentication. Take a look at the Zoho Facebook application. Zoho is a separate company. They have their own accounts. So […]

  • Google, the Desktop, and Privacy

    Google just released Google Desktop for Mac, and that got me thinking again about the Google and Privacy issue I wrote about here and here. I said that Microsoft might have an interesting privacy advantage, because your data lives on your computer, and their software doesn’t need to send much info to the mothership. By […]

  • A Talk at the Boston Latin School

    Yesterday, I gave an introductory lecture to high school juniors and seniors in Ms. Reiner‘s AP Computer Science at the Boston Latin School. Ginger (Reiner) is an old friend who became a high school teacher after a fast-paced software engineering career: the world needs more people like her. It was a fantastic experience, in large […]

  • Responding to Ronald

    In response to my recent post regarding open-audit voting, Ronald Crane expresses a number of doubts regarding cryptographic auditing of elections, concluding “I don’t see that crypto voting solves much.” I am responding in detail here because Ronald is deeply misinformed. There are certainly points regarding open-audit techniques that merit in-depth discussion, but the points […]

  • I Stand with Avi (regarding American Idol)

    First, I need to express solidarity with Avi, who went out on a limb and professed his love of American Idol. I, too, am a closet American Idol fan, and I completely agree: if only the voting were verifiable! I personally think Jared should have qualified for the final 12. But on to the immediate […]

  • On Fully Informed Decisions and the Role of Academics

    Professors Avi Rubin and Ed Felten are renowned computer security experts. Their work has made the press numerous times, and they’ve testified to various Congressional Committees on many issues, including voting. But when it comes to voting, their statements tend to leave out an entire category of voting systems for no clear reason. It’s as […]

  • My Talk at TCC 2007

    Last week, I was in Amsterdam for the Theory of Cryptography Conference, where I presented my work (joint with Douglas Wikström) on How to Shuffle in Public. The conference was exhausting, intense, and extremely interesting. And, minus a last-minute A/V problem due to a broken pin in the VGA connector, my talk went well. If […]

  • BeamAuth: Two-Factor Web Authentication with a Bookmark.

    (There’s always a dilemma between “publishing soon” and “polishing for peer review.” This is my first attempt at blog-based collaborative peer-review. Let’s see how it goes!) The Problem Phishing is a serious issue, and it’s only getting worse. Through various means, Alice ends up at a spoofed web site she thinks she recognizes (usually her […]